package common.inter;

import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;
import com.jfinal.core.Controller;
import com.jfinal.kit.Kv;

import common.kit.MD5;
import common.kit.PropKits;

public class ApiSignInter implements Interceptor{

	@Override
	public void intercept(Invocation inv) {
		Controller controller = inv.getController();
		controller.getResponse().setHeader("Access-Control-Allow-Origin", "*");
		Long timestamp = controller.getLong("timestamp");
		String sign = controller.getPara("sign");
		//验证Api请求的来源是否可靠
		if (!MD5.isValid(timestamp, sign) && PropKits.isDevMode() == false ) {
			Kv kv = Kv.by("state", "fail").set("err" , "invalid request");
			controller.renderJson(kv);
			return ;
		}
		inv.invoke();
	}
}
